package cn.cxyxj.code_resource_prod.code_resource.config;

import cn.cxyxj.code_resource_prod.code_resource.filter.JwtAccessTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.authentication.logout.LogoutFilter;

/**
 * @author cxyxj
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {


    @Autowired
    private OAuth2WebSecurityExpressionHandler expressionHandler;

    private String SIGNING_KEY = "cxyxj-key";
    /**
     * 配置 Token 存储位置
     * @return
     */
    @Bean
    JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(SIGNING_KEY);
        return converter;
    }

    @Bean
    TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }



    /**
     * ResourceServerSecurityConfigurer 中有  authenticationEntryPoint、accessDeniedHandler 所以需要在   configure(ResourceServerSecurityConfigurer resources) 方法设置
     * 不能在 configure(HttpSecurity http) 设置
     * @param resources
     * @throws Exception
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("resource_server_id").tokenStore(tokenStore()).expressionHandler(expressionHandler)
                .authenticationEntryPoint(new CustomizeAuthenticationEntryPoint()).accessDeniedHandler(new CustomizeAccessDeniedHandler());
    }
    @Bean
    public OAuth2WebSecurityExpressionHandler oAuth2WebSecurityExpressionHandler(ApplicationContext applicationContext) {
        OAuth2WebSecurityExpressionHandler expressionHandler = new OAuth2WebSecurityExpressionHandler();
        expressionHandler.setApplicationContext(applicationContext);
        return expressionHandler;
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //.antMatchers("/user/get-user-info").hasAnyRole("dev","admin")
                //.antMatchers("/user/**").hasRole("admin")
                //.anyRequest().access("@customizeAccessDecisionConfig.hasPermission(request,authentication)");
                .anyRequest().authenticated();

        http.addFilterAfter(new JwtAccessTokenFilter(), LogoutFilter.class);
        http.csrf().disable();
    }



}